[Bug 716641] Re: CVE-2010-4257: SQL Injection from trackback functions

Artur Rona ari-tczew at ubuntu.com
Sun Feb 13 13:14:42 UTC 2011


wordpress (3.0.2-1ubuntu1) natty; urgency=low

  * Merge from debian unstable.  Remaining changes:
    - debian/apache.conf:
      + Changed to use /var/www instead of /srv/www for virtual webroot.
    - debian/setup-mysql:
      + Changed to use /var/www instead of /srv/www.
 -- Artur Rona <ari-tczew at ubuntu.com>   Sat, 11 Dec 2010 14:57:22 +0100

** Also affects: wordpress (Ubuntu Natty)
   Importance: Undecided
       Status: Confirmed

** Changed in: wordpress (Ubuntu Natty)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is a direct subscriber.
https://bugs.launchpad.net/bugs/716641

Title:
  CVE-2010-4257: SQL Injection from trackback functions

Status in “wordpress” package in Ubuntu:
  Fix Released
Status in “wordpress” source package in Lucid:
  New
Status in “wordpress” source package in Maverick:
  New
Status in “wordpress” source package in Natty:
  Fix Released
Status in “wordpress” package in Debian:
  Unknown
Status in “wordpress” package in Fedora:
  Unknown

Bug description:
  Binary package hint: wordpress

  SQL injection vulnerability in the do_trackbacks function in
  wp-includes/comment.php in WordPress before 3.0.2 allows remote
  authenticated users to execute arbitrary SQL commands via the Send
  Trackbacks field.




